Home
last modified time | relevance | path

Searched refs:option (Results 1 – 16 of 16) sorted by relevance

/security/selinux/
A DKconfig17 This option adds a kernel parameter 'selinux', which allows SELinux
18 to be disabled at boot. If this option is selected, SELinux
20 command line. The purpose of this option is to allow a single
31 This enables the development support option of SELinux,
33 policies. If unsure, say Y. With this option enabled, the
45 This option collects access vector cache statistics to
55 This option sets the number of buckets used in the sidtab hashtable
66 This option defines the size of the internal SID -> context string
68 conversion. Setting this option to 0 disables the cache completely.
/security/tomoyo/
A DKconfig46 policy was loaded. This option will be useful for systems where
64 command line option.
74 option. For example, if you pass init=/bin/systemd option, you may
75 want to also pass TOMOYO_trigger=/bin/systemd option.
83 Enabling this option forces minimal built-in policy and disables
85 this option only if this kernel is built for doing fuzzing tests.
/security/keys/
A DKconfig10 This option provides support for retaining authentication tokens and
28 This option causes the result of the last successful request_key()
46 This option provides a register of persistent per-UID keyrings,
65 This option provides support for holding large keys within the kernel
75 This option provides support for creating, sealing, and unsealing
96 This option provides support for create/encrypting/decrypting keys
109 This option provides support for instantiating encrypted keys using
122 This option provides support for calculating Diffie-Hellman
132 This option provides support for getting change notifications
A Dcompat.c17 COMPAT_SYSCALL_DEFINE5(keyctl, u32, option, in COMPAT_SYSCALL_DEFINE5() argument
20 switch (option) { in COMPAT_SYSCALL_DEFINE5()
112 return keyctl_pkey_e_d_s(option, in COMPAT_SYSCALL_DEFINE5()
A Dkeyctl.c1874 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, in SYSCALL_DEFINE5() argument
1877 switch (option) { in SYSCALL_DEFINE5()
1998 option, in SYSCALL_DEFINE5()
/security/integrity/ima/
A DKconfig61 Disabling this option will disregard LSM based policy rules.
94 line 'ima_hash=' option.
142 This option allows the root user to see the current policy rules.
148 This option enables local measurement integrity appraisal.
172 This option defines an IMA appraisal policy at build time, which
187 This option defines a policy requiring all firmware to be signed,
188 including the regulatory.db. If both this option and
230 This option enables the different "ima_appraise=" modes
283 .system keyring. This option enables X509 certificate
291 This option defines IMA X509 certificate path.
[all …]
/security/apparmor/
A DKconfig52 This option selects whether introspection of loaded policy
65 This option selects whether introspection of loaded policy
67 filesystem. This option provides a light weight means of
68 checking loaded policy. This option adds to policy load
76 This option selects whether sha256 hashing of loaded policy
91 This option allows reading back binary policy as it was loaded.
93 also increases policy load time. This option is required for
/security/ipe/
A DKconfig17 This option enables the Integrity Policy Enforcement LSM
28 This option specifies a filepath to an IPE policy that is compiled
60 This option enables the 'dmverity_roothash' property within IPE
69 This option enables the 'dmverity_signature' property within IPE
80 This option enables the 'fsverity_digest' property within IPE
91 This option enables the 'fsverity_signature' property within IPE
/security/integrity/evm/
A DKconfig40 in the HMAC calculation, enabling this option includes newly defined
55 When this option is enabled, root can add additional xattrs to the
66 This option enables X509 certificate loading from the kernel
76 This option defines X509 certificate path.
/security/
A DKconfig.hardening7 def_bool $(cc-option,-ftrivial-auto-var-init=pattern)
10 def_bool $(cc-option,-ftrivial-auto-var-init=zero)
27 This option enables initialization of stack variables at
86 def_bool $(cc-option,-fsanitize-coverage-stack-depth-callback-min=1)
93 This option makes the kernel erase the kernel stack before
122 This option will cause a warning to be printed each time the
133 The KSTACK_ERASE option instruments the kernel code for tracking
191 def_bool $(cc-option,-fzero-call-used-regs=used-gpr)
229 This option checks for obviously wrong memory regions when
262 Select this option if the kernel should BUG when it encounters
[all …]
A DKconfig17 If this option is not selected, no restrictions will be enforced
83 If this option is not selected, the default Linux security
145 This option enables support for booting the kernel with the
195 option. However, some of these are dynamically created at
207 disabled, choose this option and then set
A Dcommoncap.c1291 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, in cap_task_prctl() argument
1297 switch (option) { in cap_task_prctl()
A Dsecurity.c3722 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, in security_task_prctl() argument
3730 thisrc = scall->hl->hook.task_prctl(option, arg2, arg3, arg4, arg5); in security_task_prctl()
/security/integrity/
A DKconfig8 This option enables the integrity subsystem, which is comprised
25 This option enables digital signature verification support
42 This option enables digital signature verification using
51 This option requires that all keys added to the .ima and
124 option adds a kernel parameter 'integrity_audit', which
/security/yama/
A Dyama_lsm.c221 static int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3, in yama_task_prctl() argument
227 switch (option) { in yama_task_prctl()
/security/smack/
A DKconfig51 receiving process. If this option is selected, the delivery

Completed in 27 milliseconds